Method and apparatus for preventing denial of service attacks in network address translation

Denial of service attack prevention and network address translation technology, applied in data exchange networks, digital transmission systems, electrical components, etc. It addresses problems such as useless sessions that carry no traffic and new services being unable to obtain a session, so as to prevent denial of service attacks and avoid service interruption.

Inactive Publication Date: 2007-04-18
HUAWEI TECH CO LTD
0 Cites, 6 Cited by

AI Technical Summary

Problems solved by technology

[0006] A denial of service attack can establish a large number of sessions through the above means. Each session occupies a certain amount of memory, and processing speed decreases as the number of sessions increases. By changing a certain field of a session, the attack makes the NAT-PT device generate a new session that has no corresponding traffic, that is, a useless session. Such useless sessions fill the memory or exceed what the chip can handle, so new legitimate services cannot obtain a session, resulting in service interruption.


Embodiment Construction

[0032] In current network applications, the number of sessions initiated by a single host is limited: usually a dozen or a few dozen, while a special application may reach hundreds. A denial of service attack initiates session requests exceeding the number of normal sessions in order to consume the resources of the attack target.

[0033] In addition, the main ways an attack creates a large number of useless connections are:

[0034] Varying the destination address of the packets;

[0035] Using different port numbers with the same destination address;

[0036] Varying the source address of the packets;

[0037] Using different port numbers with the same source address.

[0038] In the present invention, based on the above means of denial of service attack and the current state of network host sessions, the following means are mainly adopted to prevent ...


Abstract

The invention discloses a method for preventing denial of service attacks in network address translation, comprising: determining the maximum number of sessions that a flow with the characteristics of a denial of service attack is allowed to establish in network address translation; and, when the number of sessions established by the flow reaches that maximum, limiting session establishment for the flow to prevent the denial of service attack. The invention also discloses a corresponding device. The invention can ensure normal user service.
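An added example, not taken from the patent text: a minimal sketch of the session cap described in the abstract, assuming a flow is identified by its source address and by its destination address, with illustrative caps of 100 and 500. The class and function names and all addresses are constructed for illustration.

```python
from collections import Counter


class NatSessionTable:
    """Toy NAT session table with per-address session caps (illustrative only)."""

    def __init__(self, max_per_src, max_per_dst):
        self.max_per_src = max_per_src  # assumed cap per source address
        self.max_per_dst = max_per_dst  # assumed cap per destination address
        self.sessions = set()           # established (src, sport, dst, dport)
        self.by_src = Counter()
        self.by_dst = Counter()

    def admit(self, src, sport, dst, dport):
        """Return 'hit' for an existing session, else 'new' or 'limited'."""
        key = (src, sport, dst, dport)
        if key in self.sessions:
            return "hit"                # established sessions keep working
        if (self.by_src[src] >= self.max_per_src
                or self.by_dst[dst] >= self.max_per_dst):
            return "limited"            # cap reached: no table entry is created
        self.sessions.add(key)
        self.by_src[src] += 1
        self.by_dst[dst] += 1
        return "new"

    def release(self, src, sport, dst, dport):
        """Remove an aged-out session and give its quota back."""
        key = (src, sport, dst, dport)
        if key in self.sessions:
            self.sessions.remove(key)
            self.by_src[src] -= 1
            self.by_dst[dst] -= 1


def run_demo():
    """Constructed traffic: one normal host, two floods, then the host again."""
    t = NatSessionTable(max_per_src=100, max_per_dst=500)
    normal = Counter(t.admit("2001:db8::10", 40000 + i, "192.0.2.80", 443)
                     for i in range(12))
    # One source sweeping destination ports on a single destination address.
    sweep = Counter(t.admit("2001:db8::bad", 50000, "192.0.2.80", p)
                    for p in range(1, 1001))
    # Many varying source addresses aimed at one destination address.
    forged = Counter(t.admit(f"2001:db8:ffff::{i:x}", 1024, "192.0.2.80", 80)
                     for i in range(1000))
    after = t.admit("2001:db8::10", 41000, "192.0.2.53", 53)
    return normal, sweep, forged, after, len(t.sessions)
```

With these caps the table never grows past the per-destination limit for the flooded address, and the normal host can still open a session to a different destination. New sessions to the flooded destination are refused once its cap is reached, so the destination cap should sit well above that address's normal load.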

Description

Technical field

[0001] The invention relates to network address translation technology; more specifically, it relates to a method and device for preventing denial of service attacks in network address translation.

Background technique

[0002] Network Address Translation (NAT) is an Internet Engineering Task Force (IETF) standard that allows multiple PCs on a private network (using a dedicated address segment, such as 10.0.x.x, 192.168.x.x, 172.x.x.x) to share a single, globally routable IPv4 address. The NAT-PT transition mechanism is one of the IPv6 transition technologies proposed to solve the problem of mutual access between IPv4 hosts and IPv6 hosts. RFC 2766, Network Address Translation - Protocol Translation (NAT-PT), and RFC 2765, Stateless IP/ICMP Translation Algorithm (SIIT), define the address allocation method for mutual access between IPv6 and IPv4 nodes. When an IPv6 node starts to access an IPv4 no...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06, H04L29/12, H04L12/56
Inventor: 陈洪飞, 张原
Owner: HUAWEI TECH CO LTD